The Three Pillars of Effective Data Protection

All businesses have critical or sensitive data that gives them their competitive edge and keeps them open for business. Coca-Cola is a prime example, whose recipe of the popular soft drink has been guarded for over 130 years. Intellectual property, financial projections, and personal information of customers are all examples of such critical or sensitive data that requires effective data protection from breach or unauthorized use. So, how to protect data?

To protect their data, some businesses integrate data loss prevention (DLP) solutions and assume that’s all they need. Some organizations label their most critical data but fail to take into account for tracking it, leaving it to the hands of their trained (or not) employees to prevent unauthorized access. Still others protect data in use and data at rest, but forget to consider data in transit, moving from one place (or person) to another.

A solid approach applies the following three strategies: DLP, data classification, and secure collaboration. In this article, we describe how each of these three pillars of data protection work. And how they complement each other to ensure that data remains in the hands of those intended.

 

1 – Data Loss Prevention (DLP),

DLP identifies and prevents the misuse, loss, and exfiltration of critical data. This is where critical is up to the company using the product. Often, this data includes that protected by government regulation. Such as personally identifiable information (PII) and protected health information (PHI). Businesses often use DLP as a dual-purpose solution. They aim to prevent data breaches and accomplish legal compliance.

DLP solutions come in different flavors for effective data protection. They are ranging from the type of attack surface to the type of variables used to identify data. More advanced DLP will combine content with metadata like the document owner, timestamps, and the locations of where the data has moved. Others specialize in the cloud (SaaS) or endpoints or the network, and more comprehensive solutions will monitor events across these layers to build context to identify what’s critical beyond traditional keyword or character matching.

While the core functionality of DLP solutions is monitoring and alerting on data breaches, some DLP solutions also provide incident response capability for straight-forward use cases. If unauthorized data exfiltration is detected, for example, a DLP solution could immediately block the action. Or quarantine the device from sending out the data. Hence, it is removing it from the network until an investigation team can take the next step.

2 – Data Classification

The IDC’s Global DataSphere predicts that by 2026, the worldwide amount of data created annually will exceed 200,000 exabytes, or 2 billion gigabytes. With that kind of volume, enterprises need a way to prioritize and label effective data protection requirements, and the prerequisite to that is to understand the risk accepted for not prioritizing data that may not make the cut for “most critical.” That’s where data classification comes in.

Intelligence communities are great examples of organizations who have data classification mastered from years of experience and necessity. The United Kingdom, for example, publishes guidance on how to classify the government’s information assets for effective data protection. With classifications ranging from OFFICIAL to SECRET to TOP SECRET, the United Kingdom specifies OFFICIAL to all routine public sector business such as health records to TOP SECRET where if the information was leaked, it would directly threaten the internal stability of the UK or friendly nations. This type of classification is manual—at least, as far as public knowledge indicates.

Other types of data can be classified automatically. Data such as credit cards numbers, financial data, and social security numbers all follow a distinct pattern that can be using regular expressions (regex). This matches specified patterns of characters. Take a look at the regex for credit card validation as an example. For sensitive data that lacks such a clear structure. Current research is using machine learning techniques to combine contextual metadata to identify and classify such data.

3 – Secure Collaboration

Data comes in three forms considering effective data protection. These are data in use (active), data at rest (stored), and data in motion (being transferred). Most if not all enterprises need to transfer data. Either within an organization for collaboration or externally to fulfill a client request. If an organization needs to send multiple files, encrypting the path between the two endpoints (a client and a server) is necessary. Much like how an armored money truck becomes secure with bulletproof material and additional guards, protocols. These include HTTPS and the secure file transfer protocol (sFTP) ensure the data remains encrypted between two endpoints, the sender and the recipient.

Once the money truck arrives at the destination though, ensuring the contents is in the right hands and safely protected is up to the endpoint. Making sure the right person accesses the transfer data is accomplished using end-to-end encryption. It is not a guaranteed option in popular business collaboration tools such as messaging or virtual video meetings. Additionally, the actual device (i.e., laptop, server) must be under protection. Since the best encryption in transit will not compensate for a compromised account.

Access Controls: Implement strict access controls to limit data access to authorized individuals. This includes user authentication mechanisms such as strong passwords, multi-factor authentication (MFA), and role-based access controls (RBAC). Regularly review and update access privileges to ensure they align with business needs.

Tying it together to ensure effective data protection

A three-pillared approach of data loss prevention, data classification, and secure collaboration will provide your organization a solid defensive strategy for protecting critical data for operations and legal compliance. Start reducing the risk of cybersecurity attacks and data breaches both malicious and unintentional. So, you can maintain your competitive edge and keep your company open for business.

Tags: data protection data security effective data protection